SQS Group Limited
Managing Code Quality and Delivery in the 21st Century
Application Intelligence
Sebastian Paczynski
© SQS Group Ltd. | AI | January 2009 | Page 2
Improve the Quality of Code and Ensure Delivery
Assess Code Maintainability
Compare Code Quality
Avoid Legal License Pitfalls
But what about meeting deadlines?
The Department of Commerce's National Institute of Standards and Technology (NIST) estimates that software bugs cost the U.S. economy nearly $60 billion annually and that improved testing could eliminate more than one-third of software failures. The report explained that almost 80% of development costs entail identifying and correcting defects.
Improving software code quality will help meet deadlines and deliver high quality software that meets the client's needs
Management Challenges in Delivering Quality Code
To improve any process we need to know where we are and where we want to be. To get from point A to point B we need to know where they are
How can we identify where we are?
Need a defined process that is repeatable and cost effective
Code Reviews are useful but costly, and not free of emotion
Need to continually assess software quality to assess progress of improvements (compare code quality)
Where should we be?
There is no “perfect world scenario” - Money and time are limiting factors but what is “good enough”?
How are our competitors doing?
What can we do to ensure that potential issues are found early during development, as opposed to during testing (or production), when it may be too late for major changes to be implemented?
How can we ensure that development teams or vendors adhere to a certain level of quality?
Improve the Quality of Code
Average developer makes ± 125 errors for every thousand lines of code written
Even if only 10% of these errors are serious, this equates to about 250 major coding errors in an application of 20,000 lines of code which is a relatively small system, especially in the enterprise environment
Issues found early in the development lifecycle are significantly cheaper to fix compared to when found late in the development lifecycle
Improving quality ensures that developers are free to get on with the task as opposed to wasting time on fault finding and fixing
Poor architecture can cause many quality problems including but not limited to:
Fragility
Lack of scalability (Code Maintainability)
Resistance to modification (Code Maintainability)
Software developers must be aware of the architecture and the relationships which exist between classes and/or libraries and ensure that local changes do not have adverse effects elsewhere
Why Should We Improve the Quality of Code
Software Requirements Validation: Validate requirements to ensure that they are correct, unambiguous, complete and verifiable
Software Architecture Verification: Verifies that the code written adheres to the technical architecture design
Software Architecture Evaluation: CMMI of IT Architectures
Based on the Architecture Trade-off Analysis Method (ATAM) of the Software Engineering Institute
Established and tested procedure
Reliable results as decision basis
Consideration of technical and functional aspects
Examines the architecture of an application regarding strategic goals such as growth, future interoperability etc
Code Quality Management: Static & Dynamic Code Analysis to find programming errors
Utilise agreed quality criteria so that the process is easily repeatable – gauge quality over time
Helps define clear quality gates between each phase in the SDLC
What can we do?
Why should we worry about code maintainability – there is a project to be delivered?
Research shows around 67% of the total cost of ownership over the application’s life cycle is the maintainability of code
Assess Code Maintainability
[Chart: share of total cost of ownership by life cycle phase: Analysis 3%, Specification 3%, Design 5%, Implementation 7%, Test 15%, Maintenance 67%]
Application needs to be able to evolve and be upgraded in a cost effective manner as the business needs outgrow the initial requirements
How complex is my code?
Code Quality Management Review will help to assess the maintainability of code in terms of the following:
Readability
Ease of maintenance, debugging, fixing, modification and portability
Complexity rating
Software Architecture Verification - Helps to ensure that code has followed design and allows for easier maintenance in the future since the product follows the documentation
Software Architecture Evaluation - Helps to ensure that the solution is in line with the organisation’s strategic goals and will meet future demands
Assess Code Maintainability continued
How do we select the right vendor partner?
How can we be sure that the vendor partner uses industry best practices and has experienced developers?
How effective is our offshore development team?
How can we compare the code produced by onshore and offshore teams?
What is the real cost of moving to offshore?
How do we perform against our competitors?
How do we recognise the “stars” in our team?
What about teams that use different platforms and/or different languages?
Need a method to compare code quality that is objective, repeatable and free from emotion
Need standardised criteria
Compare Code & Design Quality
AI can help to gauge the intrinsic quality of code and design deliverables that will enable management to make informed decisions and compare different code bases even if they have been written in different programming languages
Compare vendors by evaluating previously written code and the associated designs
Compare different teams
Identify and recognise “stars” in the programming team in a repeatable and objective manner
Help to provide incentives for good quality practices throughout the project team
Compare Code & Design Quality continued
Open Source Software is of a high quality and is “free”. Or is it?
Gartner: In 2011, 80% of the Global 2000 Companies will use Open Source Software (OSS) in their business critical applications
The commercial usage of Open Source is bound to license conditions that potentially involve disclosure of your source code
Software vendors are stepping up efforts to identify, audit and prosecute organizations that are not compliant with their software licensing agreements
A 2006 survey conducted by Gartner Research revealed that 35% of companies had experienced an on-site software audit from a major software vendor
How much Open Source or Commercial Software are we using?
Where is it from?
What are the legal implications?
How do we find it?
Static code analysis tools (License compliance management) can help to answer these questions and uncover hidden legal risks
Legal License Pitfalls
However, this isn’t a silver bullet
The need for black box testing of functionality cannot be overlooked
Hybrid / grey testing
Code Quality Management and validation of software deliverables is being adopted particularly in Europe and US. UK?
Silver Bullet?
SQS Group Limited
7-11 Moorgate | London, EC2R 6AF, United Kingdom | Phone: +44 (0) 20 7448 4620 | Fax: +44 (0) 20 7448 4651 | E-Mail: [email protected] | www.sqs-uk.com
Thank you for your attention